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CLAIMS 



Claims 1 - 26 (Cancelled) 

27. (Previously Presented) A firewall device for inspecting packets transmitted over a 
network comprising: 

a) a firewall core connected to each of a plurality of communication 
interfaces and executing at least one inspection module wherein each at 
least one inspection module is software code configured to carry out an 
operation of providing protocol information for a particular protocol to 
said firewall core; and 

b) a new inspection module inserted into an operating memory of said firewall 
core during operation of said firewall core wherein said new inspection 
module is software code configured to carry out an operation of providing 
protocol inspection for a new particular protocol to said firewall core 
wherein said new particular protocol is different from each said particular 
protocol provided by each said at least one inspection module. 

28. (Previously Presented) The firewall device of claim 27, wherein said firewall core 
is configured to monitor said operating memory for said new inspection module. 

29. (Previously Presented) The firewall device of claim 27, wherein each said at least 
one inspection module and said new inspection module each further comprise a plurality 
of callback functions, said plurality of callback functions communicated to said firewall 
core and providing communication between said firewall core and said at least one 
inspection module. 
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30. (Previously Presented) The firewall device of claim 27, wherein each said at least 
one inspection module and new inspection module are each further configured to 
indicate to said firewall core for which protocol for data packets said inspection module 
is configured to provide inspection. 

31. (Previously Presented) The firewall device of claim 27, wherein each data packet 
intercepted by said firewall core further includes session information comprising address 
and port data, said firewall core further configured to map said session information for 
each said data packet to one of said at least one inspection modules and said new 
inspection module. 

32. (Previously Presented) A firewall core in a firewall system that inspects data 
packets transmitted over a network comprising: 

a communication unit wherein said communication unit is operatively coupled to 
each one of a plurality of communication interfaces connected to said network; 

a set of callback functions, retrieved from each of at least one inspection modules 
loaded into a memory of said firewall core, each of said set of callback functions provide 
communication between said firewall core and one of said at least one inspection 
modules and wherein each said at least one inspection module is software code 
configured to carry out the operation of providing protocol information and to inspect 
data packets of a particular protocol; and 

wherein said firewall core monitors said memory to determine when a new 
inspection module is loaded into said memory wherein said in new inspection module is 
inserted into an operating memory of said firewall core during operation of said firewall 



3 



Docket No.: CISCO-1935 

core wherein said new inspection module is software code configured to carry out an 
operation of providing protocol inspection for a new particular protocol to said firewall 
core wherein said new particular protocol is different from each said particular protocol 
provided by each said at least one inspection module. 

33. (Previously Presented) The firewall core of claim 32, wherein said communication 
unit is further configured to intercept network data communicated via each of said 
plurality of communication interfaces. 

34. (Previously Presented) The firewall core of claim 32, further comprising a session 
mapping unit, said data packets intercepted by said firewall core further including 
session information comprising address and port data, said session mapping unit further 
configured to map said session information to a corresponding one of said at least one 
inspection modules providing inspection for said protocol of said packet into a session 
mapping and store said session mapping into said session mapping unit. 

35. (Previously Presented) The firewall core of claim 34, wherein said communication 
unit is further configured to communicate a packet between said communication 
interfaces and one of said at least one inspection modules. 

36. (Previously Presented) An inspection module for a firewall device comprising 
software code stored in a memory of a firewall core that inspects packets transmitted 
over a network in a particular protocol, said inspection module comprising: 

an inspection unit configured to inspect and authorize data packets formatted in 
said particular protocol; 
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a function table including a set of callback functions wherein said set if callback 
functions provides communication between said firewall core and said inspection 
module; and 

wherein said inspection module is loaded into said memory monitored by said 
firewall core during operation of said firewall device. 

37. (Previously Presented) The inspection module of claim 36, wherein said 
inspection module is further configured to indicate to said firewall core for said protocol 
for data packets to be inspected by said inspection module. 

38. (Previously Presented) The inspection module of claim 36, where in said 
inspection unit is further configured to receive and inspect packets communicated from 
the firewall core to said inspection module. 

39. (Previously Presented) A method for providing an inspection module for 
inspecting data packets of a particular protocol to a firewall system during runtime 
comprising: 

loading an inspection module into a memory monitored by a firewall core during 
operation of said firewall system wherein said inspection module comprises software 
code for an application providing inspections of packets in said particular protocol; 
notifying the firewall core of said inspection module in said memory; and 
communicating said set of callback functions from said inspection module to said 
firewall core. 
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40. (Previously Presented) The method of claim 39, further comprising enabling said 
inspection module, prior to communicating said set of callback function to said firewall 
core. 

41. (Previously Presented) The method of claim 39 further comprising inspecting of 
packets of said particular protocol by said inspection module, said packets 
communicated from the firewall core to said inspection module. 

42. (Previously Presented) The method of claim 39 wherein said step of notifying the 
firewall core comprises: 

transmitting a signal to the firewall core to indicate the installation of said 
inspection module. 

43. (Previously Presented) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for 
adding protocol knowledge to a firewall system during runtime comprising, said firewall 
system including a firewall core, said method comprising: 

loading an inspection module into a memory monitored by said firewall core 
during operation of said firewall system wherein said inspection module comprises 
software code executable to inspect a data packet of a particular protocol and to 
provide protocol information for said particular protocol to said firewall core; 

notifying the firewall core said inspection module is loaded into said memory 
responsive to said loading; and 

communicating a set of callback functions from said inspection module to said 
firewall core. 
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44. (Previously Presented) The program storage device of claim 43, said method 
further comprising: 

enabling said inspection module prior to communicating said set of callback 
functions to said firewall core. 

45. (Previously Presented) The program storage device of claim 43, said method 
further comprising: 

inspecting of packets by said inspection module, said packets communicated from 
the firewall core to said inspection module. 

46. (Previously Presented) The program storage device of claim 39, wherein said step 
of notifying the firewall core comprises: 

transmitting a signal to the firewall core to indicate the loading of said inspection 
module. 

47. (Previously Presented) The program storage device of claim 39, said method 
further comprising: 

indicating by said inspection module said particular protocol of data packets that 
said inspection module inspects. 
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